NXP LS1028ARDB

arch.mk

@@ -62,13 +62,39 @@ endif
 ## ARM Cortex-A
 ifeq ($(ARCH),AARCH64)
   CROSS_COMPILE?=aarch64-none-elf-
-  CFLAGS+=-DARCH_AARCH64 -march=armv8-a
+  CFLAGS+=-DARCH_AARCH64
   OBJS+=src/boot_aarch64.o src/boot_aarch64_start.o
-  CFLAGS+=-DNO_QNX
+
+  ifeq ($(TARGET),nxp_ls1028a)
+    ARCH_FLAGS=-mcpu=cortex-a72+crypto -march=armv8-a+crypto -mtune=cortex-a72
+    CFLAGS+=$(ARCH_FLAGS) -DCORTEX_A72
+
+    CFLAGS +=-ffunction-sections -fdata-sections
+    LDFLAGS+=-Wl,--gc-sections
+
+    ifeq ($(DEBUG_UART),0)
+      CFLAGS+=-fno-builtin-printf
+    endif
+
+    SPI_TARGET=nxp
+  else
+    # By default disable ARM ASM for other targets
+    NO_ARM_ASM=1
+  endif
+
   ifeq ($(SPMATH),1)
     MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o
     MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_arm64.o
   endif
+  ifeq ($(NO_ARM_ASM),0)
+    ARCH_FLAGS=-mstrict-align
+    CFLAGS+=$(ARCH_FLAGS) -DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_INLINE -DWC_HASH_DATA_ALIGNMENT=8
+    WOLFCRYPT_OBJS += lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.o \
+                      lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha512.o \
+                      lib/wolfssl/wolfcrypt/src/port/arm/armv8-aes.o \
+                      lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.o \
+                      lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.o
+  endif
 endif
 
 ## ARM Cortex-M
@@ -202,11 +228,13 @@ ifeq ($(CORTEX_A5),1)
     MATH_OBJS+=./lib/wolfssl/wolfcrypt/src/sp_c32.o
   else
     MATH_OBJS+=./lib/wolfssl/wolfcrypt/src/sp_arm32.o
-    OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.o
-    OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.o
-    OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.o
-    CFLAGS+=-DWOLFSSL_SP_ARM32_ASM -DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO \
-            -DWOLFSSL_ARM_ARCH=7 -DWOLFSSL_ARMASM_INLINE -DWOLFSSL_ARMASM_NO_NEON
+    ifneq ($(NO_ARM_ASM),1)
+      OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.o
+      OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.o
+      OBJS+=./lib/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.o
+      CFLAGS+=-DWOLFSSL_SP_ARM32_ASM -DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO \
+              -DWOLFSSL_ARM_ARCH=7 -DWOLFSSL_ARMASM_INLINE -DWOLFSSL_ARMASM_NO_NEON
+    endif
   endif
 else
   # All others use boot_arm.o
@@ -230,8 +258,7 @@ else
 
 
     CORTEXM_ARM_EXTRA_CFLAGS+=-DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO \
-                            -DWOLFSSL_ARMASM_NO_NEON
-    CORTEXM_ARM_EXTRA_CFLAGS+=-DWOLFSSL_ARMASM_THUMB2
+                              -DWOLFSSL_ARMASM_NO_NEON -DWOLFSSL_ARMASM_THUMB2
   endif
   ifeq ($(CORTEX_M33),1)
     CFLAGS+=-mcpu=cortex-m33 -DCORTEX_M33

config/examples/nxp-ls1028a-tpm.config

@@ -0,0 +1,65 @@
+ARCH=AARCH64
+TARGET=nxp_ls1028a
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=1
+DEBUG_UART?=1
+VTOR?=0
+CORTEX_M0?=0
+NO_ASM?=0
+EXT_FLASH?=1
+SPI_FLASH?=0
+## Force app to be copied into ram
+NO_XIP?=1
+UART_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=0
+WOLFBOOT_VERSION?=0
+V?=0
+NO_MPU?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+PKA?=0
+
+WOLFTPM=1
+
+MEASURED_BOOT?=0
+MEASURED_PCR_A?=3
+
+WOLFBOOT_TPM_KEYSTORE?=1
+WOLFBOOT_TPM_KEYSTORE_NV_INDEX?=25166336
+WOLFBOOT_TPM_POLICY_NV_INDEX?=25166337
+WOLFBOOT_TPM_PCR_INDEX?=16
+
+# NOR Base Address
+ARCH_FLASH_OFFSET?=0x20000000
+
+# Flash Sector Size (128 KB)
+WOLFBOOT_SECTOR_SIZE=0x20000
+
+# wolfBoot start address
+WOLFBOOT_ORIGIN=0x20020000
+
+# wolfBoot partition size
+BOOTLOADER_PARTITION_SIZE=0x20000
+
+# Application Partition size
+WOLFBOOT_PARTITION_SIZE?=0x20000
+
+# Location in Flash for Application Partition
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x20040000
+
+# Load Partition to RAM Address
+WOLFBOOT_LOAD_ADDRESS?=0x18020100
+
+# Location in Flash for Update Partition
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x20060000
+
+# Location of temporary sector used during updates
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x20080000
+
+# DTS (Device Tree)
+WOLFBOOT_LOAD_DTS_ADDRESS?=0x80000000
+WOLFBOOT_DTS_BOOT_ADDRESS?=0x20F00000
+WOLFBOOT_DTS_UPDATE_ADDRESS?=0x20F00000

config/examples/nxp-ls1028a.config

@@ -0,0 +1,55 @@
+ARCH=AARCH64
+TARGET=nxp_ls1028a
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=1
+DEBUG_UART?=1
+VTOR?=0
+CORTEX_M0?=0
+NO_ASM?=0
+EXT_FLASH?=1
+SPI_FLASH?=0
+## Force app to be copied into ram
+NO_XIP?=1
+UART_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=0
+WOLFBOOT_VERSION?=0
+V?=0
+NO_MPU?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+PKA?=0
+
+# NOR Base Address
+ARCH_FLASH_OFFSET?=0x20000000
+
+# Flash Sector Size (128 KB)
+WOLFBOOT_SECTOR_SIZE=0x20000
+
+# wolfBoot start address
+WOLFBOOT_ORIGIN=0x20020000
+
+# wolfBoot partition size
+BOOTLOADER_PARTITION_SIZE=0x20000
+
+# Application Partition size
+WOLFBOOT_PARTITION_SIZE?=0x20000
+
+# Location in Flash for Application Partition
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x20040000
+
+# Load Partition to RAM Address
+WOLFBOOT_LOAD_ADDRESS?=0x18020100
+
+# Location in Flash for Update Partition
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x20060000
+
+# Location of temporary sector used during updates
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x20080000
+
+# DTS (Device Tree)
+WOLFBOOT_LOAD_DTS_ADDRESS?=0x80000000
+WOLFBOOT_DTS_BOOT_ADDRESS?=0x20F00000
+WOLFBOOT_DTS_UPDATE_ADDRESS?=0x20F00000

config/examples/raspi3.config

@@ -4,6 +4,7 @@ SIGN?=RSA4096
 HASH?=SHA3
 DEBUG?=1
 VTOR?=1
+NO_XIP?=1
 SPMATH?=1
 IMAGE_HEADER_SIZE?=1024
 PKA?=1

docs/Targets.md

@@ -16,6 +16,7 @@ This README describes configuration of supported targets.
 * [NXP iMX-RT](#nxp-imx-rt)
 * [NXP Kinetis](#nxp-kinetis)
 * [NXP LPC54xxx](#nxp-lpc54xxx)
+* [NXP LS1028A](#nxp-ls1028a)
 * [NXP MCXA153](#nxp-mcxa153)
 * [NXP P1021 PPC](#nxp-qoriq-p1021-ppc)
 * [NXP T1024 PPC](#nxp-qoriq-t1024-ppc)
@@ -1073,6 +1074,97 @@ arm-none-eabi-gdb wolfboot.elf -ex "target remote localhost:3333"
 ```
 
 
+## NXP LS1028A
+
+The LS1028A is a AARCH64 armv8-a Cortex-A72 processor. Support has been tested with the NXP LS1028ARDB.
+
+Example configurations for this target are provided in:
+* NXP LS1028A: [/config/examples/nxp-ls1028a.config](/config/examples/nxp-ls1028a.config).
+* NXP LS1028A with TPM: [/config/examples/nxp-ls1028a-tpm.config](/config/examples/nxp-ls1028a-tpm.config).
+
+### Building wolfBoot for NXP LS1028A
+
+1. Download `aarch64-none-elf-` toolchain.
+
+2. Copy the example `nxp-ls1028a.cofig` file to root directory and rename to `.config`
+
+3. Build keytools and wolfboot
+
+```
+cp ./config/examples/nxp-ls1028a.config .config
+make distclean
+make keytools
+make
+```
+
+This should output 3 binary files, `wolfboot.bin`, `image_v1_signed.bin` and `factory.bin`
+- `wolfboot.bin` is the wolfboot binary
+- `image_v1_signed.bin` is the signed application image and by default is `test-app/app_nxp_ls1028a`
+- `factory.bin` is the two binaries merged together
+
+
+### Hardware Setup LS1028ARDB
+
+DIP Switch Configuraiton for XSPI_NOR_BOOT:
+```
+SW2 : 0xF8 = 11111000  SW3 : 0x70 = 01110000  SW5 : 0x20 = 00100000
+Where '1' = UP/ON
+```
+
+UART Configuraiton:
+```
+Baud Rate: 115200
+Data Bits: 8
+Parity: None
+Stop Bits: 1
+Flow Control: None
+Specify device type - PC16552D
+Configured for UART1 DB9 Connector
+```
+
+### Programming NXP LS1028A
+
+Programming requires three components:
+1. RCW binary - Distribured by NXP at `https://github.com/nxp-qoriq/qoriq-rcw-bin` or can be generated using `https://github.com/nxp-qoriq/rcw/tree/master/ls1028ardb/R_SQPP_0x85bb` (tested with `rcw_1300.bin`)
+2. woflBoot
+3. Application - Test app found in `test-app/app_nxp_ls1028a.c`
+
+Once you have all components, you can use a lauterbach or CW to flash NOR flash. You must flash RCW, wolfboot and singed_image. `factory.bin` can be used which is wolfboot and the signed image merged. You will need to build a signed image for every update to the application code, which can be done by using keytools in `tools/keytools/sign` see `docs/Signing.md` for more details
+and to sign a custom image.
+
+```
+Usage: tools/keytools/sign [options] image key version
+```
+
+#### Lauterbach Flashing and Debugging
+
+1. Launch lauterbach and open the demo script `debug_wolfboot.cmm`.
+2. Open any desired debug windows.
+3. Hit the play button on the demo script.
+4. It should pop up with a code window and at the reset startpoint. (May requrie a reset or power cycle)
+
+```
+./t32/bin/macosx64/t32marm-qt
+
+Open Script > debug_wolfboot.cmm
+```
+
+You can modify the Lauterbach NOR flash demo or use `debug_wolfboot.cmm` script, just make sure the flash offset for
+the RCW is `0x0` and the address offset for wolboot is `0x1000`.
+
+#### Other Tools
+
+1. Make sure the memory addresses are alinged with the `.config` file.
+2. Note the important NOR flash addresses in the defualt config are as follows.
+3. RCW location is offset `0x0` or `0x20000000` memory mapped.
+4. Wolfboot location is offset `0x1000` or `0x20001000` where wolfboot starts.
+5. Application location is offset `0x20000` or `0x20020000` where application code goes.
+6. Update location is offset `0x40000` or `0x20040000` where the new or updated applciaiton goes.
+7. Load Location is `0x18020100` which is OCRAM or where the applciaiton code is loaded if using RAM loading from
+8. DTS Location is
+9. Update memory locations as neeeded.
+
+
 ## Cortex-A53 / Raspberry PI 3 (experimental)
 
 Tested using `https://github.com/raspberrypi/linux` on Ubuntu 20

docs/measured_boot.md

@@ -39,7 +39,7 @@ To enable measured boot add `MEASURED_BOOT=1` setting in your wolfBoot config.
 
 It is also necessary to select the PCR (index) where the measurement will be stored.
 
-Selection is made using the `MEASURED_BOOT_PCR_A=[index]` setting. Add this
+Selection is made using the `MEASURED_PCR_A=[index]` setting. Add this
 setting in your wolfBoot config and replace `[index]` with a number between
 0 and 23. Below you will find guidelines for selecting a PCR index.